[arch-general] pambase update now requires explicit service files in /etc/pam.d/ - dovecot affected

Leonid Isaev leonid.isaev at jila.colorado.edu
Tue Feb 12 16:36:52 UTC 2019


On Tue, Feb 12, 2019 at 09:15:39AM -0500, Jens John wrote:
> On Tue, 12 Feb 2019, at 12:02, Leonid Isaev via arch-general wrote:
> > I am sorry to ask this so late in the discussion, but why Arch default of the
> > "other" module was insecure (and hence why the change)? Is there something
> > wrong with pam_unix?
> 
> Not inherently. They implemented a suggestion from the upstream product
> manual and decided that it was OK to break random [authentication related]
> packages instead of fixing the reverse deps from official repos first and
> then changing pambase.
> 
> Either package maintenance responsibilities are really as fragmented as not
> to care at all or they just ignored it. Given that falconindy is the
> maintainer of pambase, I'll go with the latter interpretation (no judgement
> implied).

There is no problem with using upstream defaults (so I personally support the
change to the pambase package), and I think that ppl should just fix their
stuff to properly work with PAM. But I still don't understand why using
pam_unix.so was called permissive policy...

Thanks,
-- 
Leonid Isaev


More information about the arch-general mailing list